Tag Info

Attacks that are based on recording an encrypted and/or signed communication and replaying it at a later time.

Attacks that are based on recording an encrypted and/or signed communication and replaying it at a later time. For example, Alice sends Bob a signed message containing an order for a book. Malice records this message and sends it to Bob again, creating a second order. The signature is still valid on the replayed copy, because signing proves who wrote the message, not when it was sent.

In order to prevent replay attacks, each valid message needs to be unique, and the recipient must be able to tell whether it has already accepted a given message:

The message may contain a serial number (sequence number), and both parties need to keep track of the serial numbers already used, so that a message carrying a serial number seen before is rejected.

During a handshake, the recipient may generate a random number (a nonce), which the sender must include in her message. The recipient accepts each nonce only once, so a recorded message cannot be presented a second time.

Sometimes session IDs or timestamps are used instead. They narrow the window of opportunity to the validity period of the timestamp or session, and a timestamp also requires the clocks of both parties to be roughly synchronized. But a message replayed within that window is still accepted, so on their own they do not prevent replay attacks entirely.
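The three countermeasures above, as an added example that is not part of this tag wiki: Alice signs her book order with an HMAC, and three versions of Bob check freshness by serial number, by handshake nonce, and by timestamp. The shared key, the JSON message format and HMAC-SHA256 are assumptions made for the example; the timestamp receiver takes the current time as a parameter so the replay inside the validity window can be shown deterministically.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key shared by Alice and Bob (an assumption for this example).
KEY = b"alice-bob-shared-secret"


def sign(payload: dict) -> bytes:
    """Alice signs an order: canonical JSON body followed by an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_signature(msg: bytes):
    """Return the payload if the tag is valid, else None.
    A replayed message passes this check unchanged: the signature alone
    says nothing about freshness, which is why the receivers below exist."""
    body, sep, tag = msg.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


class SerialNumberReceiver:
    """Each message carries a serial number; Bob remembers every serial already used."""

    def __init__(self):
        self.used = set()

    def accept(self, msg: bytes) -> str:
        payload = verify_signature(msg)
        if payload is None:
            return "bad signature"
        serial = payload.get("serial")
        if serial is None or serial in self.used:
            return "replay rejected"
        self.used.add(serial)
        return "accepted"


class NonceReceiver:
    """Bob hands out a random nonce per handshake and accepts each nonce exactly once."""

    def __init__(self):
        self.outstanding = set()

    def handshake(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def accept(self, msg: bytes) -> str:
        payload = verify_signature(msg)
        if payload is None:
            return "bad signature"
        nonce = payload.get("nonce")
        if nonce not in self.outstanding:
            return "replay rejected"          # unknown, or already consumed
        self.outstanding.discard(nonce)
        return "accepted"


class TimestampReceiver:
    """Bob accepts any validly signed message whose timestamp lies within the window.
    A copy replayed inside the window is accepted again: timestamps only narrow
    the window of opportunity, they do not close it."""

    def __init__(self, window_seconds: int):
        self.window = window_seconds

    def accept(self, msg: bytes, now: int) -> str:
        payload = verify_signature(msg)
        if payload is None:
            return "bad signature"
        ts = payload.get("ts")
        if not isinstance(ts, (int, float)) or abs(now - ts) > self.window:
            return "expired"
        return "accepted"


if __name__ == "__main__":
    bob = SerialNumberReceiver()
    order = sign({"from": "Alice", "item": "book", "serial": 1})
    print("first delivery:", bob.accept(order))    # accepted
    print("Malice replays:", bob.accept(order))    # replay rejected

    bob_ts = TimestampReceiver(window_seconds=60)
    order = sign({"from": "Alice", "item": "book", "ts": 1700000000})
    print("replay at +30s:", bob_ts.accept(order, now=1700000030))   # accepted
    print("replay at +120s:", bob_ts.accept(order, now=1700000120))  # expired
```

The serial-number receiver keeps a growing set; in practice the sender uses a monotonically increasing counter so the receiver only has to store the highest serial seen, plus a small window if messages may arrive out of order.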